Server Management - Systems Insight Manager
1748014 Members
4194 Online
108757 Solutions
New Discussion юеВ

Re: Upgrade to SIM 7.2 broke iLO SSO?

 
SOLVED
Go to solution
bretsanders
Occasional Contributor

Upgrade to SIM 7.2 broke iLO SSO?

Since upgrading from 7.1 to 7.2 yesterday on Linux, SSO no longer works to access iLOs. The certificate is still present in the iLO SSO configuration. I even tried to delete and re-add the certificate in the iLO with no success (still get login screen). What might I be doing wrong?

 

I've tried adding the cert by copying/pasting the certificate and by DNS name. I have Trust By Cert turned on. It worked on our 500+ servers before the upgrade, now it does not.

7 REPLIES 7
NJK-Work
Honored Contributor

Re: Upgrade to SIM 7.2 broke iLO SSO?

Same problem here.  Upgrade from 7.1 to 7.2 changed the SIM certificate.  I sent out the new cert to all the client SMH installs and that worked.  But after importing the new cert into the iLO SSO, SSO it still does not work.  SSO was working fine with version 7.1.

 

Let us know if you find a solution.

Thanks

NK

bretsanders
Occasional Contributor

Re: Upgrade to SIM 7.2 broke iLO SSO?

I cannot even get it to work with SMH any more. Tried using smhconfig -C filename to put in the new cert, but no luck. Guess I'll open a case.

EdvardHofmann
Occasional Visitor

Re: Upgrade to SIM 7.2 broke iLO SSO?

Did you find a solution to this matter?

Tushar Bajpai
Trusted Contributor
Solution

Re: Upgrade to SIM 7.2 broke iLO SSO?

Why SSO is failing for ILO ?

 

- Since HP-SIM 7.1 uses 1024 bit certificate by default for SIM and SSO both it was working before. But the 1024 bit certificate imported before upgrade is no more valid and SSO will fail.

 

For Downloading New Certificate:

 

- SSO certificate should be downloaded using http://localhost:280/GetCertificate?certtype=sso

- use CRA to push the SSO certificate on the  target node.

 

Please follow the document carefully, SSO with all the devices works flawlessly.

 

USER GUIDE and Release Notes.

 

if it helped, award me Kudos or Points. Thanks :)

\T Bajpai
HP Employee

bretsanders
Occasional Contributor

Re: Upgrade to SIM 7.2 broke iLO SSO?


@Tushar Bajpai wrote:

Why SSO is failing for ILO ?

 

- Since HP-SIM 7.1 uses 1024 bit certificate by default for SIM and SSO both it was working before. But the 1024 bit certificate imported before upgrade is no more valid and SSO will fail.

 

For Downloading New Certificate:

 

- SSO certificate should be downloaded using http://localhost:280/GetCertificate?certtype=sso

- use CRA to push the SSO certificate on the  target node.

 

Please follow the document carefully, SSO with all the devices works flawlessly.

 

USER GUIDE and Release Notes.

 


Thank you! That GetCertificate URL got me 95% working on the iLOs and SMH. Some older iLOs don't seem to work however (iLO 2).

Steven McLean
Advisor

Re: Upgrade to SIM 7.2 broke iLO SSO?

So, I have completed a full (new) install of IC 7.3 and can't get SSO to work with iLOs.  I have removed teh previous SIM cert from teh ilos and replaced it with the new cert.  But SSO is still not working.

 

from the manual

The HP SIM SSO certificate is created if, and only if, there is no prior SSO certificate.

NOTE:

тАв

An SSO certificate is used by HP SIM 7.0 and later. Therefore, there is a possibility that the

previous version of HP SIM may not contain an SSO certificate. Only in these cases, the SSO

certificate will be created during the upgrade process.

тАв

Once the SSO certificate is created, the trust relationship with the managed systems must be

re-established, by importing the new SSO certificate into the managed systems.

 

What am I missing?

Steven McLean
Advisor

Re: Upgrade to SIM 7.2 broke iLO SSO?


@Steven McLean wrote:

So, I have completed a full (new) install of IC 7.3 and can't get SSO to work with iLOs.  I have removed teh previous SIM cert from teh ilos and replaced it with the new cert.  But SSO is still not working.

 

from the manual

The HP SIM SSO certificate is created if, and only if, there is no prior SSO certificate.

NOTE:

тАв

An SSO certificate is used by HP SIM 7.0 and later. Therefore, there is a possibility that the

previous version of HP SIM may not contain an SSO certificate. Only in these cases, the SSO

certificate will be created during the upgrade process.

тАв

Once the SSO certificate is created, the trust relationship with the managed systems must be

re-established, by importing the new SSO certificate into the managed systems.

 

What am I missing?



OK, figured it out.  Configure repair Agents, worked on only some iLOs the first time... had to run it again on some though, all is now working.

 

Funny though that importing the certificate from within the iLO, or through XML scripting through the OA CLI, as done in the past no longer works.